Merge pull request #116 from xia0pin9/refactor/log-standardization

refactor: standardize error logging across codebase

Author: xia0pin9

client/add.go

@@ -35,7 +35,7 @@ var addTinkKeyset = cmdAdd.Flag.String("key-template", "", "name of a knox-suppo
 
 func runAdd(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("add takes only one argument. See 'knox help add'"), false}
+		return &ErrorStatus{fmt.Errorf("add takes only one argument; see 'knox help add'"), false}
 	}
 	keyID := args[0]
 	var data []byte
@@ -50,7 +50,7 @@ func runAdd(cmd *Command, args []string) *ErrorStatus {
 	}
 	versionID, err := cli.AddVersion(keyID, data)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error adding version: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error adding version: %w", err), true}
 	}
 	fmt.Printf("Added key version %d\n", versionID)
 	return nil
@@ -65,7 +65,7 @@ func getDataWithTemplate(templateName string, keyID string) ([]byte, error) {
 	// get all versions (primary, active, inactive) of this knox identifier
 	allVersions, err := cli.NetworkGetKeyWithStatus(keyID, knox.Inactive)
 	if err != nil {
-		return nil, fmt.Errorf("error getting key: %s", err.Error())
+		return nil, fmt.Errorf("error getting key: %w", err)
 	}
 	return addNewTinkKeyset(tinkKeyTemplates[templateName].templateFunc, allVersions.VersionList)
 }

client/create.go

@@ -37,7 +37,7 @@ var createTinkKeyset = cmdCreate.Flag.String("key-template", "", "name of a knox
 
 func runCreate(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("create takes exactly one argument. See 'knox help create'"), false}
+		return &ErrorStatus{fmt.Errorf("create takes exactly one argument; see 'knox help create'"), false}
 	}
 	keyID := args[0]
 	var data []byte
@@ -59,7 +59,7 @@ func runCreate(cmd *Command, args []string) *ErrorStatus {
 	acl := knox.ACL{}
 	versionID, err := cli.CreateKey(keyID, data, acl)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error adding version: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error adding version: %w", err), true}
 	}
 	fmt.Printf("Created key with initial version %d\n", versionID)
 	return nil
@@ -69,7 +69,7 @@ func readDataFromStdin() ([]byte, error) {
 	fmt.Println("Reading from stdin...")
 	data, err := io.ReadAll(os.Stdin)
 	if err != nil {
-		return data, fmt.Errorf("problem reading key data: %s", err.Error())
+		return data, fmt.Errorf("problem reading key data: %w", err)
 	}
 	return data, nil
 }

client/daemon.go

@@ -55,7 +55,7 @@ func runDaemon(cmd *Command, args []string) *ErrorStatus {
 	if os.Getenv("KNOX_MACHINE_AUTH") == "" {
 		hostname, err := os.Hostname()
 		if err != nil {
-			return &ErrorStatus{fmt.Errorf("You're on a host with no name: %s", err.Error()), false}
+			return &ErrorStatus{fmt.Errorf("you're on a host with no name: %w", err), false}
 		}
 		os.Setenv("KNOX_MACHINE_AUTH", hostname)
 	}
@@ -90,7 +90,7 @@ func (d *daemon) loop(refresh time.Duration) {
 
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
-		fatalf("Unable to watch files: %s", err.Error())
+		fatalf("unable to watch files: %v", err)
 	}
 	watcher.Add(d.registerFilename())
 
@@ -100,7 +100,7 @@ func (d *daemon) loop(refresh time.Duration) {
 		err := d.update()
 		if err != nil {
 			d.updateErrCount++
-			logf("Failed to update keys: %s", err.Error())
+			logf("failed to update keys: %v", err)
 		} else {
 			d.successCount++
 		}
@@ -125,29 +125,29 @@ func (d *daemon) loop(refresh time.Duration) {
 func (d *daemon) initialize() error {
 	err := os.MkdirAll(d.dir, defaultDirPermission)
 	if err != nil {
-		return fmt.Errorf("Failed to initialize /var/lib/knox (run 'sudo mkdir /var/lib/knox'?): %s", err.Error())
+		return fmt.Errorf("failed to initialize /var/lib/knox (run 'sudo mkdir /var/lib/knox'?): %w", err)
 	}
 
 	// Need to chmod due to a umask set on masterless puppet machines
 	err = os.Chmod(d.dir, defaultDirPermission)
 	if err != nil {
-		return fmt.Errorf("Failed to open up directory permissions: %s", err.Error())
+		return fmt.Errorf("failed to open up directory permissions: %w", err)
 	}
 	err = os.MkdirAll(d.keyDir(), defaultDirPermission)
 	if err != nil {
-		return fmt.Errorf("Failed to make key folders: %s", err.Error())
+		return fmt.Errorf("failed to make key folders: %w", err)
 	}
 
 	// Need to chmod due to a umask set on masterless puppet machines
 	err = os.Chmod(d.keyDir(), defaultDirPermission)
 	if err != nil {
-		return fmt.Errorf("Failed to open up directory permissions: %s", err.Error())
+		return fmt.Errorf("failed to open up directory permissions: %w", err)
 	}
 	_, err = os.Stat(d.registerFilename())
 	if os.IsNotExist(err) {
 		err := os.WriteFile(d.registerFilename(), []byte{}, defaultFilePermission)
 		if err != nil {
-			return fmt.Errorf("Failed to initialize registered key file: %s", err.Error())
+			return fmt.Errorf("failed to initialize registered key file: %w", err)
 		}
 	} else if err != nil {
 		return err
@@ -156,7 +156,7 @@ func (d *daemon) initialize() error {
 	// Need to chmod due to a umask set on masterless puppet machines
 	err = os.Chmod(d.registerFilename(), defaultFilePermission)
 	if err != nil {
-		return fmt.Errorf("Failed to open up register file permissions: %s", err.Error())
+		return fmt.Errorf("failed to open up register file permissions: %w", err)
 	}
 	d.registerKeyFile = NewKeysFile(d.registerFilename())
 	return nil
@@ -196,7 +196,7 @@ func (d *daemon) update() error {
 			key, err := d.cli.CacheGetKey(keyID)
 			if err != nil {
 				// Keep going in spite of failure
-				logf("error getting cache key: %s", err)
+				logf("error getting cache key: %v", err)
 				// Remove existing cached key with invalid format (saved with previous version clients)
 				if _, err = os.Stat(d.keyFilename(keyID)); err == nil {
 					d.deleteKey(keyID)
@@ -222,7 +222,7 @@ func (d *daemon) update() error {
 			if err != nil {
 				// Keep going in spite of failure
 				d.getKeyErrCount++
-				logf("error processing key: %s", err)
+				logf("error processing key: %v", err)
 			}
 		}
 	}
@@ -270,11 +270,13 @@ func (d daemon) keyFilename(id string) string {
 func (d daemon) processKey(keyID string) error {
 	key, err := d.cli.NetworkGetKey(keyID)
 	if err != nil {
-		if err.Error() == "User or machine not authorized" || err.Error() == "Key identifer does not exist" {
+		errMsg := err.Error()
+		// Check for authorization or key not found errors (using contains for more robust matching)
+		if strings.Contains(errMsg, "User or machine not authorized") || strings.Contains(errMsg, "Key identifier does not exist") {
 			// This removes keys that do not exist or the machine is unauthorized to access
 			d.registerKeyFile.Remove([]string{keyID})
 		}
-		return fmt.Errorf("Error getting key %s: %s", keyID, err.Error())
+		return fmt.Errorf("error getting key %s: %w", keyID, err)
 	}
 	// Do not cache any new keys if they have invalid content
 	if key.ID == "" || key.ACL == nil || key.VersionList == nil || key.VersionHash == "" {
@@ -284,42 +286,42 @@ func (d daemon) processKey(keyID string) error {
 	if strings.HasPrefix(keyID, tinkPrefix) {
 		keysetHandle, _, err := getTinkKeysetHandleFromKnoxVersionList(key.VersionList)
 		if err != nil {
-			return fmt.Errorf("Error fetching keyset handle for this tink key %s: %s", keyID, err.Error())
+			return fmt.Errorf("error fetching keyset handle for this tink key %s: %w", keyID, err)
 		}
 		tinkKeyset, err := convertTinkKeysetHandleToBytes(keysetHandle)
 		if err != nil {
-			return fmt.Errorf("Error converting tink keyset handle to bytes %s: %s", keyID, err.Error())
+			return fmt.Errorf("error converting tink keyset handle to bytes %s: %w", keyID, err)
 		}
 		key.TinkKeyset = base64.StdEncoding.EncodeToString(tinkKeyset)
 	}
 
 	b, err := json.Marshal(key)
 	if err != nil {
-		return fmt.Errorf("Error marshalling key %s: %s", keyID, err.Error())
+		return fmt.Errorf("error marshalling key %s: %w", keyID, err)
 	}
 	// Write to tmpfile, mv to normal location. Close + rm on failures
 	tmpFile, err := os.CreateTemp(d.dir, fmt.Sprintf(".*.%s.tmp", keyID))
 	if err != nil {
-		return fmt.Errorf("Error opening tmp file for key %s: %s", keyID, err.Error())
+		return fmt.Errorf("error opening tmp file for key %s: %w", keyID, err)
 	}
 	_, err = tmpFile.Write(b)
 	if err != nil {
 		tmpFile.Close()
 		os.Remove(tmpFile.Name())
-		return fmt.Errorf("Error writing key %s to file: %s", keyID, err.Error())
+		return fmt.Errorf("error writing key %s to file: %w", keyID, err)
 	}
 	// Done writing
 	tmpFile.Close()
 
 	err = os.Rename(tmpFile.Name(), d.keyFilename(keyID))
 	if err != nil {
 		os.Remove(tmpFile.Name())
-		return fmt.Errorf("Error renaming key %s temporary file: %s", keyID, err.Error())
+		return fmt.Errorf("error renaming key %s temporary file: %w", keyID, err)
 	}
 
 	err = os.Chmod(d.keyFilename(keyID), defaultFilePermission)
 	if err != nil {
-		return fmt.Errorf("Failed to open up key file permissions: %s", err.Error())
+		return fmt.Errorf("failed to open up key file permissions: %w", err)
 	}
 	return nil
 }
@@ -360,7 +362,7 @@ func (k *KeysFile) Lock() error {
 
 	// Annotate error with path to file to make debugging easier
 	if err != nil {
-		return fmt.Errorf("unable to obtain lock on file '%s': %s", k.fn, err.Error())
+		return fmt.Errorf("unable to obtain lock on file '%s': %w", k.fn, err)
 	}
 	return nil
 }
@@ -371,7 +373,7 @@ func (k *KeysFile) Unlock() error {
 
 	// Annotate error with path to file to make debugging easier
 	if err != nil {
-		return fmt.Errorf("unable to release lock on file '%s': %s", k.fn, err.Error())
+		return fmt.Errorf("unable to release lock on file '%s': %w", k.fn, err)
 	}
 	return nil
 }
@@ -474,7 +476,7 @@ func identifyLockHolders(filename string) (string, error) {
 	cmd := exec.Command("lsof", filename)
 	out, err := cmd.CombinedOutput()
 	if err != nil {
-		return string(out), fmt.Errorf("error identifying lock holder: %s", err.Error())
+		return string(out), fmt.Errorf("error identifying lock holder: %w", err)
 	}
 
 	return string(out), nil

client/deactivate.go

@@ -27,14 +27,14 @@ See also: knox reactivate, knox promote
 
 func runDeactivate(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 2 {
-		return &ErrorStatus{fmt.Errorf("deactivate takes exactly two argument. See 'knox help deactivate'"), false}
+		return &ErrorStatus{fmt.Errorf("deactivate takes exactly two arguments; see 'knox help deactivate'"), false}
 	}
 	keyID := args[0]
 	keyVersion := args[1]
 
 	err := cli.UpdateVersion(keyID, keyVersion, knox.Inactive)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error updating version: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error updating version: %w", err), true}
 	}
 	fmt.Printf("Deactivated %s successfully.\n", keyVersion)
 	return nil

client/delete.go

@@ -19,12 +19,12 @@ See also: knox create
 
 func runDelete(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("create takes exactly one argument. See 'knox help delete'"), false}
+		return &ErrorStatus{fmt.Errorf("delete takes exactly one argument; see 'knox help delete'"), false}
 	}
 
 	err := cli.DeleteKey(args[0])
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error deleting key: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error deleting key: %w", err), true}
 	}
 	fmt.Printf("Successfully deleted key\n")
 	return nil

client/get.go

@@ -58,7 +58,7 @@ func failureGetKeyMetric(keyID string, err error) {
 
 func runGet(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("get takes only one argument. See 'knox help get'"), false}
+		return &ErrorStatus{fmt.Errorf("get takes only one argument; see 'knox help get'"), false}
 	}
 	keyID := args[0]
 
@@ -101,7 +101,7 @@ func runGet(cmd *Command, args []string) *ErrorStatus {
 	}
 	if err != nil {
 		failureGetKeyMetric(keyID, err)
-		return &ErrorStatus{fmt.Errorf("Error getting key: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error getting key: %w", err), true}
 	}
 	if *getJSON {
 		data, err := json.Marshal(key)
@@ -128,12 +128,12 @@ func runGet(cmd *Command, args []string) *ErrorStatus {
 		}
 	}
 	failureGetKeyMetric(keyID, errors.New("key version not found"))
-	return &ErrorStatus{fmt.Errorf("%s", "Key version not found."), false}
+	return &ErrorStatus{fmt.Errorf("key version not found"), false}
 }
 
 func retrieveTinkKeyset(keyID string, getFromNetwork bool) ([]byte, *ErrorStatus) {
 	if !isIDforTinkKeyset(keyID) {
-		return nil, &ErrorStatus{fmt.Errorf("this knox identifier is not for tink keyset"), false}
+		return nil, &ErrorStatus{fmt.Errorf("this knox identifier is not for a tink keyset"), false}
 	}
 	// get the primary and all active versions of this knox identifier.
 	var primaryAndActiveVersions *knox.Key
@@ -144,7 +144,7 @@ func retrieveTinkKeyset(keyID string, getFromNetwork bool) ([]byte, *ErrorStatus
 		primaryAndActiveVersions, err = cli.GetKey(keyID)
 	}
 	if err != nil {
-		return nil, &ErrorStatus{fmt.Errorf("error getting key: %s", err.Error()), true}
+		return nil, &ErrorStatus{fmt.Errorf("error getting key: %w", err), true}
 	}
 	keysetHandle, _, err := getTinkKeysetHandleFromKnoxVersionList(primaryAndActiveVersions.VersionList)
 	if err != nil {
@@ -159,7 +159,7 @@ func retrieveTinkKeyset(keyID string, getFromNetwork bool) ([]byte, *ErrorStatus
 
 func retrieveTinkKeysetInfo(keyID string, getFromNetwork bool) (string, *ErrorStatus) {
 	if !isIDforTinkKeyset(keyID) {
-		return "", &ErrorStatus{fmt.Errorf("this knox identifier is not for tink keyset"), false}
+		return "", &ErrorStatus{fmt.Errorf("this knox identifier is not for a tink keyset"), false}
 	}
 	// get the primary and all active versions of this knox identifier.
 	var primaryAndActiveVersions *knox.Key
@@ -170,7 +170,7 @@ func retrieveTinkKeysetInfo(keyID string, getFromNetwork bool) (string, *ErrorSt
 		primaryAndActiveVersions, err = cli.GetKey(keyID)
 	}
 	if err != nil {
-		return "", &ErrorStatus{fmt.Errorf("error getting key: %s", err.Error()), true}
+		return "", &ErrorStatus{fmt.Errorf("error getting key: %w", err), true}
 	}
 	keysetHandle, tinkKeyIDToKnoxVersionID, err := getTinkKeysetHandleFromKnoxVersionList(primaryAndActiveVersions.VersionList)
 	if err != nil {

client/getacl.go

@@ -29,20 +29,20 @@ var getACLJSON = cmdGetACL.Flag.Bool("json", false, "")
 
 func runGetACL(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("acl takes only one argument. See 'knox help acl'"), false}
+		return &ErrorStatus{fmt.Errorf("acl takes only one argument; see 'knox help acl'"), false}
 	}
 
 	keyID := args[0]
 	acl, err := cli.GetACL(keyID)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error getting key ACL: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error getting key ACL: %w", err), true}
 	}
 
 	if *getACLJSON {
 		aclEnc, err := json.Marshal(acl)
 		if err != nil {
 			// malformated ACL considered as knox server side error
-			return &ErrorStatus{fmt.Errorf("Could not marshal ACL: %v", acl), true}
+			return &ErrorStatus{fmt.Errorf("could not marshal ACL: %v", acl), true}
 		}
 		fmt.Println(string(aclEnc))
 		return nil
@@ -52,7 +52,7 @@ func runGetACL(cmd *Command, args []string) *ErrorStatus {
 		aEnc, err := json.Marshal(a)
 		if err != nil {
 			// malformated ACL entry considered as knox server side error
-			return &ErrorStatus{fmt.Errorf("Could not marshal entry: %v", a), true}
+			return &ErrorStatus{fmt.Errorf("could not marshal entry: %v", a), true}
 		}
 		fmt.Println(string(aEnc))
 	}

client/getkeys.go

@@ -28,7 +28,7 @@ func runGetKeys(cmd *Command, args []string) *ErrorStatus {
 	}
 	l, err := cli.GetKeys(m)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error getting keys: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error getting keys: %w", err), true}
 	}
 	for _, k := range l {
 		fmt.Println(k)

client/getversions.go

@@ -33,7 +33,7 @@ var verboseOutput = cmdGetVersions.Flag.Bool("v", false, "verbose")
 
 func runGetVersions(cmd *Command, args []string) *ErrorStatus {
 	if len(args) != 1 {
-		return &ErrorStatus{fmt.Errorf("get takes only one argument. See 'knox help versions'"), false}
+		return &ErrorStatus{fmt.Errorf("versions takes only one argument; see 'knox help versions'"), false}
 	}
 
 	var status knox.VersionStatus
@@ -49,7 +49,7 @@ func runGetVersions(cmd *Command, args []string) *ErrorStatus {
 	keyID := args[0]
 	key, err := cli.GetKeyWithStatus(keyID, status)
 	if err != nil {
-		return &ErrorStatus{fmt.Errorf("Error getting key: %s", err.Error()), true}
+		return &ErrorStatus{fmt.Errorf("error getting key: %w", err), true}
 	}
 	kvl := key.VersionList
 	for _, v := range kvl {